diff --git a/.pipelines/azure-pipeline-build.yml b/.pipelines/azure-pipeline-build.yml
index 68a3b2d8d..3a5a3ff81 100644
--- a/.pipelines/azure-pipeline-build.yml
+++ b/.pipelines/azure-pipeline-build.yml
@@ -2,7 +2,6 @@ trigger:
 branches:
 include:
 - main
-
 pr:
 autoCancel: true
 branches:
diff --git a/.trivyignore b/.trivyignore
index f08a7d6ab..1cc287d04 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -17,6 +17,11 @@ CVE-2023-45288
 CVE-2023-48795
 CVE-2024-24557
 CVE-2020-8559
+CVE-2023-45289
+CVE-2023-45290
+CVE-2024-24783
+CVE-2024-24784
+CVE-2024-24785
 # MEDIUM - promconfigvalidator
 CVE-2023-48795
 CVE-2024-24786
@@ -26,7 +31,23 @@ CVE-2020-8559
 # MEDIUM - go vulnerabilities
 CVE-2023-3978
 CVE-2023-44487
+CVE-2023-45283
+CVE-2023-45287
+CVE-2023-39318
+CVE-2023-39319
+CVE-2023-39326
+CVE-2023-45284
 # MEDIUM - mariner
 CVE-2023-5678
 # MEDIUM - ruby
 CVE-2024-27281
+# MEDIUM - KSM
+CVE-2023-29406
+CVE-2023-29409
+CVE-2023-39318
+CVE-2023-39319
+CVE-2023-39326
+CVE-2023-45284
+# HIGH - KSM
+CVE-2023-45283
+CVE-2023-29403
\ No newline at end of file
diff --git a/RELEASENOTES.md b/RELEASENOTES.md
index 88358c578..260c85262 100644
--- a/RELEASENOTES.md
+++ b/RELEASENOTES.md
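Review bot: The CVE IDs added to .trivyignore (five in this hunk, fourteen more in the next one) carry no justification and no expiry, so the scanner stays silent about them indefinitely, including after fixed versions become available. Trivy accepts an expiry on each entry, e.g. `CVE-2023-45289 exp:2024-08-01` (the date is an example), and a comment line such as `# accepted until toolchain bump, tracked in <ISSUE_PLACEHOLDER>` above each group would record why the finding is accepted. The section heading these five IDs fall under is above the hunk and not visible here.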
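Review bot: In the second .trivyignore hunk CVE-2023-45283 is filed under `# MEDIUM - go vulnerabilities` and again under `# HIGH - KSM`, and CVE-2023-39318, CVE-2023-39319, CVE-2023-39326 and CVE-2023-45284 are each listed twice as well. As far as I know Trivy matches .trivyignore entries by ID only, so the section comments do not scope an entry to one image: a single occurrence suppresses the finding in every image scanned with this file, and the HIGH rating seen for KSM is hidden wherever the MEDIUM entry applies. List each ID once, under the highest severity it was reported at, and name the affected components in the comment. The file now also ends without a trailing newline (`\ No newline at end of file`); add one so the next appended entry does not run into `CVE-2023-29403`.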
@@ -1,20 +1,11 @@ # Azure Monitor Metrics for AKS clusters -## Release 04-30-2024 +## Release 05-03-2024 -* Linux image - `mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:` -* Windows image - `mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:` -* TA image - `mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:` -* cfg sidecar image - `mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:` -* Change log - - * perf: add namespace selector to default jobs to improve perf - https://github.com/Azure/prometheus-collector/pull/867 - -## Release 04-25-2024 - -* Linux image - `mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:` -* Windows image - `mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:` -* TA image - `mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:` -* cfg sidecar image - `mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:` +* Linux image - `mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.8.10-main-` +* Windows image - `mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.8.10-main-` +* TA image - `mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.8.10-main-` +* cfg sidecar image - `mcr.microsoft.com/azuremonitor/containerinsights/ciprod/prometheus-collector/images:6.8.10-main-` * Change log - * fix: update to use older proxy setup for mdsd in aks - https://github.com/Azure/prometheus-collector/pull/864 * add remaining sdl scans similar to onebranch default - https://github.com/Azure/prometheus-collector/pull/858 
@@ -32,6 +23,9 @@
 * fix: set hubble minimal ingestion profile - https://github.com/Azure/prometheus-collector/pull/829
 * [fix] Minor fix in onboarding templates - https://github.com/Azure/prometheus-collector/pull/828
 * Remove telegraf for telemetry and only use fluent-bit
+ * perf: add namespace selector to default jobs to improve perf - https://github.com/Azure/prometheus-collector/pull/867
+ * set hubble minimal ingestion profile - https://github.com/Azure/prometheus-collector/pull/860
+ * Upgrade Metrics Extension (Linux & windows) from metricsext2-2.2024.328.1744 --> metricsext2-2.2024.419.1535 (This fixes the HDInsights bug (OOM) on flint clusters)
 ## Release 04-08-2024
diff --git a/otelcollector/VERSION b/otelcollector/VERSION
index dd0026fc1..2e88bdc6f 100644
--- a/otelcollector/VERSION
+++ b/otelcollector/VERSION
@@ -1 +1 @@
-6.8.9
+6.8.10
diff --git a/otelcollector/build/windows/scripts/setup.ps1 b/otelcollector/build/windows/scripts/setup.ps1
index 768fa8eb9..4c1d1e676 100644
--- a/otelcollector/build/windows/scripts/setup.ps1
+++ b/otelcollector/build/windows/scripts/setup.ps1
@@ -15,8 +15,8 @@ New-Item -Type Directory -Path /etc/genevamonitoringagent
 ############################################################################################
 Write-Host ('Installing Metrics Extension');
 try {
- Invoke-WebRequest -Uri "https://github.com/Azure/prometheus-collector/releases/download/metricsext2-2.2024.328.1744/MdmMetricsExtension.2.2024.328.1744.nupkg" -OutFile /installation/ME/mdmmetricsextension.2.2024.328.1744.zip
- Expand-Archive -Path /installation/ME/mdmmetricsextension.2.2024.328.1744.zip -Destination /installation/ME/
+ Invoke-WebRequest -Uri "https://github.com/Azure/prometheus-collector/releases/download/v6.8.9-main-05-02-2024-9facd0f8/MdmMetricsExtension.2.2024.419.1535.nupkg" -OutFile /installation/ME/mdmmetricsextension.2.2024.419.1535.zip
+ Expand-Archive -Path /installation/ME/mdmmetricsextension.2.2024.419.1535.zip -Destination /installation/ME/
 Move-Item /installation/ME/MetricsExtension /opt/metricextension/
 } catch {
diff --git a/otelcollector/scripts/ccpsetup.sh b/otelcollector/scripts/ccpsetup.sh
index fec0265e2..d1bf30e11 100644
--- a/otelcollector/scripts/ccpsetup.sh
+++ b/otelcollector/scripts/ccpsetup.sh
@@ -36,7 +36,7 @@ mkdir /opt/microsoft/linuxmonagent
 # Install ME
 echo "Installing Metrics Extension..."
-sudo tdnf install -y metricsext2-2.2024.328.1744
+sudo tdnf install -y metricsext2-2.2024.419.1535
 sudo tdnf list installed | grep metricsext2 | awk '{print $2}' > metricsextversion.txt
 # Remove any RPMs downloaded not from Mariner
diff --git a/otelcollector/scripts/setup.sh b/otelcollector/scripts/setup.sh
index 8b89856bd..63d7cfb84 100644
--- a/otelcollector/scripts/setup.sh
+++ b/otelcollector/scripts/setup.sh
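Review bot: In otelcollector/build/windows/scripts/setup.ps1 the new `Invoke-WebRequest` line still feeds the downloaded package straight into `Expand-Archive` with no integrity check, so a replaced or corrupted release asset would be unpacked into the image unnoticed. Since the URL is being changed anyway, pin the expected digest next to it and fail the build on mismatch: `$h = (Get-FileHash -Path /installation/ME/mdmmetricsextension.2.2024.419.1535.zip -Algorithm SHA256).Hash` followed by `if ($h -ne '<EXPECTED_SHA256_PLACEHOLDER>') { throw 'Metrics Extension package hash mismatch' }`, with the real digest taken from the published artifact. The package now comes from the collector's own `v6.8.9-main-05-02-2024-9facd0f8` release instead of a dedicated `metricsext2-…` tag, and a one-line comment saying why would help whoever bumps the version next. The `catch` body is outside the hunk, so whether a failed download or a thrown mismatch actually aborts the build cannot be confirmed from here.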
@@ -59,7 +59,7 @@ cp /etc/cron.daily/logrotate /etc/cron.hourly/
 # Install ME
 echo "Installing Metrics Extension..."
-sudo tdnf install -y metricsext2-2.2024.328.1744
+sudo tdnf install -y metricsext2-2.2024.419.1535
 sudo tdnf list installed | grep metricsext2 | awk '{print $2}' > metricsextversion.txt
 # tdnf does not have an autoremove feature. Only necessary packages are copied over to distroless build. Below reduces the image size if using non-distroless